-
Notifications
You must be signed in to change notification settings - Fork 75
152 lines (144 loc) · 6.41 KB
/
ci-integration.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
---
name: CI (integration)
on:
pull_request:
# Cancel any in-progress job or run
concurrency:
group: 'ci-${{ github.workflow }}-${{ github.ref }}'
cancel-in-progress: true
defaults:
run:
shell: sh -ex {0}
jobs:
check-secrets:
name: Check secrets
uses: ./.github/workflows/check-secrets-available.yaml
secrets:
SECRET_TO_CHECK: '${{ secrets.PYCLOUDLIB_CONFIG_CONTENTS }}'
package-builds:
name: Packaging
needs: check-secrets
if: ${{ needs.check-secrets.outputs.has-secrets == 'true' }}
runs-on: ubuntu-22.04
strategy:
matrix:
release: ['xenial', 'bionic', 'focal', 'jammy', 'lunar', 'mantic']
steps:
- name: Prepare build tools
env:
DEBFULLNAME: GitHub CI Auto Builder
DEBEMAIL: [email protected]
run: |
sudo DEBIAN_FRONTEND=noninteractive apt-get -qy update
sudo DEBIAN_FRONTEND=noninteractive apt-get -qy install --no-install-recommends sbuild schroot ubuntu-dev-tools debootstrap git-buildpackage
sudo sbuild-adduser $USER
cp /usr/share/doc/sbuild/examples/example.sbuildrc /home/$USER/.sbuildrc
- name: Git checkout
uses: actions/checkout@v3
- name: Build package
env:
DEBFULLNAME: GitHub CI Auto Builder
DEBEMAIL: [email protected]
run: |
gbp dch --ignore-branch --snapshot --distribution=${{ matrix.release }}
dch --local=~${{ matrix.release }} ""
sg sbuild -c "mk-sbuild --skip-proposed ${{ matrix.release }}"
sg sbuild -c "sbuild --dist='${{ matrix.release }}' --resolve-alternatives --no-clean-source --nolog --verbose --no-run-lintian --build-dir='${{ runner.temp }}'"
mv ../*.deb '${{ runner.temp }}' # Workaround for Debbug: #990734, drop in Jammy
- name: Archive debs as artifacts
uses: actions/upload-artifact@v3
with:
name: 'ci-debs-${{ matrix.release }}'
path: '${{ runner.temp }}/*.deb'
retention-days: 3
integration-tests:
name: Integration
needs: package-builds
runs-on: ${{ matrix.host_os }}
strategy:
# Disable fail-fast as these jobs are slow, so we want to extract
# as much information as possible from them.
fail-fast: false
matrix:
release: ['bionic', 'focal', 'jammy', 'lunar']
platform: ['lxd']
host_os: ['ubuntu-22.04']
include:
# xenial lxd containers dont work on hosts >20.04
- release: xenial
platform: lxd
host_os: ubuntu-20.04
- release: bionic
platform: awspro
host_os: ubuntu-22.04
- release: bionic
platform: gcppro
host_os: ubuntu-22.04
- release: bionic
platform: awspro-fips
host_os: ubuntu-22.04
steps:
- name: Prepare test tools
run: |
sudo DEBIAN_FRONTEND=noninteractive apt-get -qy update
sudo DEBIAN_FRONTEND=noninteractive apt-get -qy install tox distro-info
sudo adduser $USER lxd
# Jammy GH Action runners have docker installed, which edits iptables
# in a way that is incompatible with lxd.
# https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_firewalld/#prevent-issues-with-lxd-and-docker
sudo iptables -I DOCKER-USER -j ACCEPT
- name: Refresh LXD
if: matrix.platform == 'lxd' || matrix.platform == 'vm'
run: sudo snap refresh --channel latest/stable lxd
- name: Initialize LXD
if: matrix.platform == 'lxd' || matrix.platform == 'vm'
run: sudo lxd init --auto
- name: Git checkout
uses: actions/checkout@v3
- name: Retieve debs
uses: actions/download-artifact@v3
with:
name: 'ci-debs-${{ matrix.release }}'
path: '${{ runner.temp }}'
- name: Canonicalize deb filenames
working-directory: '${{ runner.temp }}'
run: |
ln -s ubuntu-advantage-tools*.deb ubuntu-advantage-tools-${{ matrix.release }}.deb
ln -s ubuntu-advantage-pro*.deb ubuntu-advantage-pro-${{ matrix.release }}.deb
- name: Behave
env:
PYCLOUDLIB_CONFIG_CONTENTS: '${{ secrets.PYCLOUDLIB_CONFIG_CONTENTS }}'
GOOGLE_APPLICATION_CREDENTIALS_CONTENTS: '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_CONTENTS }}'
SSH_PRIVATE_KEY: '${{ secrets.SSH_PRIVATE_KEY }}'
SSH_PUBLIC_KEY: '${{ secrets.SSH_PUBLIC_KEY }}'
UACLIENT_BEHAVE_DEBS_PATH: '${{ runner.temp }}'
UACLIENT_BEHAVE_ARTIFACT_DIR: '${{ runner.temp }}/artifacts/behave-${{ matrix.platform }}-${{ matrix.release }}'
UACLIENT_BEHAVE_SNAPSHOT_STRATEGY: '1'
UACLIENT_BEHAVE_INSTALL_FROM: 'prebuilt'
UACLIENT_BEHAVE_CONTRACT_TOKEN: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN }}'
UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING }}'
UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING_EXPIRED: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING_EXPIRED }}'
run: |
PYCLOUDLIB_CONFIG="$(mktemp --tmpdir="${{ runner.temp }}" pycloudlib.toml.XXXXXXXXXX)"
GCE_CREDENTIALS_PATH="$(mktemp --tmpdir="${{ runner.temp }}" gcloud.json.XXXXXXXXXX)"
export PYCLOUDLIB_CONFIG
export GCE_CREDENTIALS_PATH
# Dump secrets using a subshell to avoid leaks due to xtrace.
# Use printf as dash's echo always interpretes control sequences (e.g. \n).
sh -c 'printf "%s\n" "$PYCLOUDLIB_CONFIG_CONTENTS" > "$PYCLOUDLIB_CONFIG"'
sh -c 'printf "%s\n" "$GOOGLE_APPLICATION_CREDENTIALS_CONTENTS" > "$GCE_CREDENTIALS_PATH"'
# SSH keys (should match what specified in pycloudlib.toml)
mkdir -p ~/.ssh
touch ~/.ssh/cloudinit_id_rsa
chmod 600 ~/.ssh/cloudinit_id_rsa
sh -c 'printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/cloudinit_id_rsa'
sh -c 'printf "%s\n" "$SSH_PUBLIC_KEY" > ~/.ssh/cloudinit_id_rsa.pub'
uversion=$(ubuntu-distro-info --series='${{ matrix.release }}' --release | cut -d' ' -f1)
sg lxd -c "tox -e 'behave-${{ matrix.platform }}-$uversion' -- --tags=-slow"
- name: Archive test artifacts
if: always()
uses: actions/upload-artifact@v3
with:
name: 'ci-behave-${{ matrix.release }}'
path: '${{ runner.temp }}/artifacts/behave*'
retention-days: 7